CVE-2017-7480

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
rkhunter downloads updates over a plain HTTP link with a version certificate that can be faked. A potential man-in-the-middle attack can lead to the execution of arbitrary code.
Group Package Affected Fixed Severity Status Ticket
AVG-334 rkhunter 1.4.2-2 1.4.4-1 High Fixed
Date Advisory Group Package Severity Description
18 Jul 2017 ASA-201707-24 AVG-334 rkhunter High arbitrary code execution
References
http://openwall.com/lists/oss-security/2017/06/29/2